Wireshark-bugs: [Wireshark-bugs] [Bug 7380] Only use Hosts file or Address Resolution block for

Date: Tue, 10 Jul 2012 19:07:11 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7380

--- Comment #12 from Guy Harris <guy@xxxxxxxxxxxx> 2012-07-10 19:07:11 PDT ---
OK, so it sounds as if there are several possible IP-to-name resolution modes:

    1) don't resolve any names;

    2) resolve names using only any name resolution information in the capture;

    3) resolve names using name resolution information in the capture and the
Wireshark hosts file(s);

    4) resolve names using name resolution information in the capture, the
Wireshark hosts file(s), and DNS (or whatever gethostbyaddr() and company use,
which might include other forms of resolution-by-a-server as well as a system
hosts file).

I suspect "resolve names using only the Wireshark hosts file(s)" isn't that
useful, as, for the IP addresses in a capture, name resolution information in
the capture is more authoritative than a hosts file on your machine (consider,
for example, private and link-local IPv4 and IPv6 addresses, where the host
name is local to the network, and data from the capture is likely to reflect
the local assignment, but data from your hosts file is unlikely to if you're on
a different network).

Is there any reason why 1) would be useful?  In the packet details, items
normally either give only the address or give the address and whatever host
name it resolves to, so it's not as if you need to select "don't resolve any
names" to get the IP address (if there are any cases where a dissector puts
*only* the resolved name into the display, that's a deficiency in the
dissector).  In the packet summary, you could choose a column that displays
only the unresolved address - and we might want to consider making it easier to
switch columns for resolvable values between "resolved" and "unresolved".

As for the difference between 2) and 3), is there any reason to allow the hosts
file to be temporarily suppressed?  ("Permanently suppressed" can be done by
removing or clearing the file.)

That would then have, at least for IPv4 and IPv6 addresses, only one switch -
"use external name resolver".
